Data Breach

Media Inquiries: mediarelations@situsamc.com
 

STATEMENT

November 22, 2025 - On November 12, 2025, SitusAMC (“we” or the “Company”) became aware of an incident that we have now determined resulted in certain information from our systems being compromised. Corporate data associated with certain of our clients’ relationship with SitusAMC such as accounting records and legal agreements has been impacted. Certain data relating to some of our clients’ customers may also have been impacted.  The scope, nature and extent of such impact remains under investigation by the Company and its third-party advisors.

Upon becoming aware of the incident, we commenced an investigation with the assistance of leading experts, notified (and continue to cooperate with) federal law enforcement authorities, and began taking measures to assess and contain the incident.  The incident is now contained and our services are fully operational. No encrypting malware was involved.

We are in direct, regular contact with our clients about this matter. We remain focused on analyzing any potentially affected data and will provide updates directly to our clients as our investigation progresses. 

_______________

UPDATE
December 09, 2025

SitusAMC continues to work with leading third-party experts on the forensic analysis, which we hope to complete soon. We remain confident that the incident is contained and the threat actor was eradicated from our systems. Further, we remain fully operational and continue to serve our clients. Importantly, for our warehouse finance and custody clients, our analysis has not identified any evidence to indicate that the unauthorized actor accessed or attempted to access the emBTRUST or ProMerit applications.

Our review of the compromised files is also underway. This process will take time to complete, but we are bringing all available resources to bear to complete the data review as rapidly as possible. Once the review is complete, impacted clients will be contacted directly with information on how to request secure electronic access to impacted data information related to such clients. We will also coordinate with impacted clients related to any consumer notifications that may be required.

We appreciate your patience and partnership. We will continue to provide further updates as more information becomes available.

Sample Client Letter

Dated November 25, 2025

Dear Client,  

Following up on our prior communications, on or about November 12, 2025, SitusAMC (“we” or the “Company”) became aware of an incident that resulted in certain information from our systems being compromised. As described further below, we have now confirmed that certain information related to you was acquired by an unauthorized third-party during the incident. 

What Information Was Involved: While our investigation remains ongoing, we want to provide you with an update regarding certain information related to you that we have determined was acquired by the unauthorized actor. Specifically, we have file paths associated with certain files that were acquired by the unauthorized actor. We conducted word searches against these file paths to identify file paths that include your name in the file path. The searched file paths are related to (i) files associated with our residential Collateral and Asset Management (CAM) system, and (ii) SitusAMC corporate files that generally include legal contracts and accounting documents. We note that this is not a review of the content of any impacted files, but rather a listing of relevant file paths likely related to you. A list of these file paths is attached hereto for your review.       

We are working to review the impacted files and intend to provide you with access to the files that belong to you or your customers via a virtual data room. In addition, as we have previously advised, our investigation remains ongoing. We will notify you if we identify additional impacted files related to you, including loan files associated with residential loan file reviews. 

How We Responded: Upon becoming aware of the incident, the Company commenced an investigation with the assistance of leading experts, notified and is continuing to cooperate with federal law enforcement authorities, and began taking measures to assess and contain the incident.  

Our systems and services remain fully operational, and we are providing full service to our clients. The incident is contained and did not involve encrypting malware.  

What We Are Doing: Upon learning of the incident, we took prompt steps to investigate the nature and scope of the incident with the assistance of leading experts. We notified and continue to closely coordinate with federal law enforcement. We took measures to further secure our systems and are monitoring them to further identify any data that may have been impacted.   

We take this matter and the security of our clients’ information very seriously. If you have additional questions, please reach out to securitynotice@situsamc.com. Thank you for your ongoing partnership with SitusAMC. 

Sincerely, 

SitusAMC